Posted over 5 years ago. Visible to the public.

Rails 2: Refuse response formats application-wide

If you regularly get ActionView::MissingTemplate exceptions, maybe some bot visits your site requesting silly formats like:

Copy
http://www.rails-app.com/makandra.html-username-2000 # => Rails tries to retrieve 'makandra' with format 'html-username-2000'

Just restrict accepted format parameters for the whole application like this:

Copy
class ApplicationController < ActionController::Base before_filter :refuse_silly_formats private def refuse_silly_formats acceptable_formats = %w[html xml pdf] if params[:format] unless acceptable_formats.include? params[:format].downcase Rails.logger.error "Format not supported: #{params[:format]}" head interpret_status(:not_acceptable) end end end end

Note: request.format more reliably tells the format, but includes Rails-required formats such as application/x-www-form-urlencoded (which we must not refuse). For our purposes, getting the format from the params is exactly what we need. You may also skip that before_filter for a certain controller/action.

Kudos to Peter Wagenet.

Growing Rails Applications in Practice
Check out our new e-book:
Learn to structure large Ruby on Rails codebases with the tools you already know and love.

Owner of this card:

Avatar
Dominik Schöler
Last edit:
over 5 years ago
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Dominik Schöler to makandra dev
This website uses cookies to improve usability and analyze traffic.
Accept or learn more